Rethinking the Container Layer with Nix

Where we’re going, we won’t need overlays

Leigh Capili
Tom Bereknyei

Intro

Getting started

Rule: Ask questions!

Agenda

  1. Introduction: Containers and their limitations.
  2. Nix Storage and Packaging Basics: Understand how Nix stores and manages packages.
  3. OCI Image Make-Up: Break down the anatomy of OCI images and their layers.
  4. Demos: See Nix in action with Kubernetes and container runtimes.

Containers: A Fantastic Virtualization Technology

Layers: a mental model for containers

Container generation

Dockerfiles are amazing

…but

Multi-stage builds

Nix: a quick intro, pros

A declarative framework for package management, builds and deployments

Building software since 2003

Best practices by default

Nix: a quick intro, cons

Famous for a steep learning curve

Perception problem

Layers to Graphs

It’s all about packaging

Nix: Isolated Package Directories

Conflict-free layers

Where are we today? and references

Game plan - Optimizing Layers

  1. Make each directory a layer.
  2. Combine similar packages/directories into a similar layer.
  3. Use an automatic custom strategy to optimize.
  4. Teach OCI to understand non-conflicting layers.
  5. Create tooling so that packages use immutable references or content addressed paths.
  6. ???
  7. Profit

Some numbers - python

Some numbers - size

More about optimizing image sizes

Custom Layer Strategies

Cut out Python from the rest of the graph:

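[
  # Split Python out of the graph.
  ["subcomponent_out" [pkgs.python3]]
  # Process only the "rest" part: popularity contest, then cap at 100 layers.
  ["over" "rest" ["pipe" [
    ["popularity_contest"]
    ["limit_layers" 100]
  ]]]
]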

Demo 1: Nix Expressions to Build Containers

Demo 2: Node-Local Nix Stores

Demo 3: Image volumes

Demo 4: Nix-Snapshotter with Containerd

What now? Call-to-action

Questions?